» software_91747972.exe
Overview
Analysis
File Details
Downloads (4)

software_91747972.exe

downer for windows

Riyue peer information technology (Beijing) Co., Ltd

The application software_91747972.exe by Riyue peer information technology (Beijing) Co. has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.onlinedown.net and multiple other hosts.

File name:

Publisher:

Riyue peer information technology (Beijing) Co., Ltd (signed and verified)

Product:

downer for windows

Version:

1.2.0.0

MD5:

137b4ddfcc2402fdaa4e068e65746e98

SHA-1:

85c080ed24f6841ec8c51b59f2b1151ae67e02cf

SHA-256:

21f38010b2e196415a593fa19264c9b6945c44f8f771c8e5df318f464eb2676d

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 9:30:23 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.KX

694

Agnitum Outpost

PUA.Downware

7.1.1

AhnLab V3 Security

Downloader/Win32.Banload

2015.03.11

Avira AntiVirus

Adware/Downware.1003520.5

7.11.215.236

avast!

Win32:Adware-gen [Adw]

2014.9-150313

Bitdefender

Application.Bundler.KX

1.0.20.360

Dr.Web

Adware.Downware.9666

9.0.1.072

Fortinet FortiGate

W32/Banker.I!tr.pws

3/13/2015

F-Secure

Application.Bundler.KX

11.2015-13-03_6

G Data

Application.Bundler.KX

15.3.25

IKARUS anti.virus

Hoax.Win32.ArchSMS

t3scan.1.8.6.0

K7 AntiVirus

Riskware

13.200.15223

Malwarebytes

PUP.Optional.Downloader

v2015.03.13.10

McAfee

RDN/PWS-Banker.dldr!i

5600.6828

MicroWorld eScan

Application.Bundler.KX

16.0.0.216

NANO AntiVirus

Riskware.Win32.Downware.doahim

0.30.0.296

Rising Antivirus

PE:Trojan.Win32.Generic.1832433E!405947198

23.00.65.15311

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

38312

ViRobot

Trojan.Win32.Agent.1002496.A[h]

2014.3.20.0

File size:

979 KB (1,002,496 bytes)

Product version:

1.2.0.0

Riyue peer information technology (Beijing) Co., Ltd

Original file name:

downer

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Digital Signature

Signed by:

Riyue peer information technology (Beijing) Co., Ltd

Authority:

Thawte, Inc.

Valid from:

2/20/2014 1:00:00 AM

Valid to:

2/21/2015 12:59:59 AM

Subject:

CN="Riyue peer information technology (Beijing) Co., Ltd", OU=departmentof commerce, O="Riyue peer information technology (Beijing) Co., Ltd", L=beijing, S=beijing, C=CN

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5EF67E737811F4602210D3F817327CE7

File PE Metadata

Compilation timestamp:

1/23/2015 10:37:28 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:s+xyDKkPV8QcgmBOXosPwB+PYpmlk167hXD/srfI3SpLfdn:aKqVi4X6B+QpNIdXD/srfI3Sp7dn

Entry address:

0x244F70

Entry point:

60, BE, 00, 90, 55, 00, 8D, BE, 00, 80, EA, FF, C7, 87, F8, 69, 17, 00, B4, 2D, 65, E4, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

948 KB (970,752 bytes)

The file software_91747972.exe has been seen being distributed by the following 4 URLs.

http://www.onlinedown.net/.../index2.php?ver=2015 ?&name=????&id=7677&token=c819d08e7ebb931f9d5787c68570d372

http://www.onlinedown.net/.../index2.php?ver=2.1&name=web freer&id=455474&token=4cb503cfed0381e47c9410590d315c8a

http://dlc2.pconline.com.cn/filedown3_37973_16961492/.../360safe 04041 n6075a44d8c_5100000379736961492.exe

http://www.onlinedown.net/.../index2.php?ver=3.1&name=???????&id=552168&token=4cd1b76f07b3ac74572cb368ed4fcb55

Remove software_91747972.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.